LOCAL CHAPTERS

Find chapters in your area

BYOD Policy, Security Highlighted as Apple, IBM Join Forces

Apple and IBM’s​ recent announcement that they will partner to bring IBM’s big data and analytics capabilities to the iPhone and iPad highlights the need for human resources and information technology professionals to be prepared for the sea change of enterprise mobility.

Why should HR care?

Because according to
Counterpoint Technology Market Research, Apple’s iPhone 5s continues to be the best-selling phone in the world, and more and more businesses, in an effort to save money, are requiring their employees to bring their own devices to work—despite security concerns, experts say.

Bring your own device (BYOD) as a trend “is an inevitable part of your workforce strategy and … companies must prepare for its spread across their organizations,” according to the June 2014
Forrester Wave: Global BYOD Management Services report.

In a recent survey, 26 percent of respondents said their employer required use of employees’ personal devices, and 15 percent had signed a BYOD agreement, information technology research and advisory company, Gartner stated in a report published in May 2014.

After all, “iPhone and iPad … have transformed the way people work with [more than] 98 percent of the
Fortune 500 and [more than] 92 percent of the Global 500 using iOS devices in their business today,” said Apple CEO Tim Cook in a news release on Apple’s mobile operating system. “For the first time ever we’re putting IBM’s renowned big data analytics at iOS users’ fingertips.”

Experts say this trend will mean HR needs to prepare to implement mobile device management policies and IT will need to address security concerns.

Forrester reports that 35 percent of companies with more than 1,000 employees in the U.S.—and 24 percent of such employers in Canada, as well as 21 percent in Europe—“are ready to pay some or all the cost of a mobile phone or smartphone used for work.”

While at other companies, having employees pay for their own equipment may ease costs, the need for policies surrounding BYOD will be even more critical, experts say.

David Lee, vice president of product management at RingCentral, a software-as-a-service vendor that provides cloud-based phone systems for businesses, told
SHRM Online in an interview that mobile providers are hoping to enter the enterprise, which “should make it easier for HR to manage and enforce BYOD policies and [for] IT to provide secure and manageable infrastructure for these new mobile devices.”

Security Still Important

The Forrester Wave report stated that “security management for employee personal devices used for work is a top concern, which is unlikely to abate.” Some 77 percent of those surveyed by Forrester said they expect their BYOD policies to change within the next 12 months to address security concerns. Part of that focus will be on “what type of information and resources can be accessed, and how to monitor and enforce IT policies related to downloads, and transfers of information,” according to the report.

“One challenge HR may face is employees’ willingness to partially give up control of their personal devices,” Lee said. “Many of the mobile device management functions included in [Apple’s latest operating system], which IBM will no doubt leverage, take some control away from users (what can be installed, what can be deleted, etc.), and may enable employees to have access to data on their personal devices that employers may not be aware of,” Lee pointed out via e-mail. “HR may need to manage those concerns and expectations transparently to ensure employee acceptance.”

Michael Osterman, principal analyst with Osterman Research, which provides insight for companies in the messaging industry, told
CIO Magazine recently that “it is clear organizations need to continue to educate employees on the dangers and risks of mobile security, but also look to solutions that safeguard the devices and applications which these employees have access to.”

Here’s What HR Can Do

SHRM Technology and HR Management Special Expertise Panel member Jeremy Ames told
SHRM Online in an e-mail interview that measures for securing personal devices can include “such things as ensuring your company has a virtual private network, or for Android users, installing security programs such as Avast [or] … making sure ‘Find My iPhone’ [an app that locates the missing device] is set up.”

He said the goal is to have the minimum set of security requirements for BYOD devices.

Ames added that training on the use of BYOD is important, but “I don’t think that training alone can be sufficient if companies truly think that what they’re ending up with is a secured dual-purpose device,” he said. “That is true of most companies, but especially for industries like financial services, legal, defense contractors, etc. More and more companies are trying to realize the cost savings associated with BYOD, but aren’t tackling this important issue” of security.

“One of the biggest challenges for IT leaders is making sure that their users fully understand the implications of faulty mobile security practices,” Mike Escherich, principal research analyst at Gartner, stated in a news release, “and to get users and management to adhere to essential steps which secure their mobile devices.”

Ames added, “Of particular concern are the mechanisms people have to send data up to cloud-data storage services like Dropbox. If the data isn’t properly segregated, you’ve already lost some control, and information, to the cloud.So yes, while there can be ‘DIY security’ put in place, I think that companies might want to determine if the effort to physically get the devices in their hands to secure them is worth the payback they’ll end up with.”